Citrix's GoToMyPC user passwords compromised after hack attack

The remote PC service is requiring all users to change their passwords following a recent hack.

Lance Whitney Contributing Writer
Lance Whitney is a freelance technology writer and trainer and a former IT professional. He's written for Time, CNET, PCMag, and several other publications. He's the author of two tech books--one on Windows and another on LinkedIn.
Lance Whitney
2 min read

Users of Citrix's GoToMyPC are the latest victims of an online password hack.


Those of you who use Citrix's GoToMyPC are going to have to reset your passwords.

The service, which lets users remotely access PCs over the internet, was hit by a "very sophisticated password attack," Citrix said Sunday in a blog post. The company is requiring users to reset their passwords using the "forgot password" link.

Cyberattacks against websites have jumped in recent years as hackers find new ways to exploit security flaws. Hackers often sell stolen customer credentials on the black market. Users typically are prompted to reset their passwords but still have to worry about their personal information winding up in the wrong hands.

"Citrix takes the safety and security of its customers very seriously, and is aware of the password attack on GoToMyPC," said John Bennett, product line director at Citrix, in a statement. "Once Citrix learned about the attack, it took immediate action to protect customers. Citrix can confirm the recent incident was a password re-use attack, where attackers used usernames and passwords leaked from other websites to access the accounts of GoToMyPC users. Further, there is no indication of compromise to any other Citrix product line."

To reset your GoToMyPC password, go to the site and click on the Log In link.

You may also want to enable two-step verification, a process that sends a code to your phone each time you want to sign in. If you've used the same password for GoToMyPC at other websites or for other accounts, you should change it at those places as well.

Update, 1:37 p.m. PT: Adds statement from Citrix.